HID claims that none of its encoder keys have been leaked or distributed publicly, reassuring customers that their security has not been compromised.
However, researcher Javadi highlights the possibility of unknown individuals extracting HID’s keys, emphasizing the need for caution given the intelligence of potential threat actors.
Despite HID’s efforts to address the key-extraction issue through software updates, many clients have yet to implement the necessary fixes, leaving their systems vulnerable to exploitation.
Time to Change the Locks
Researchers developed a method to extract HID encoders’ keys by dissecting the hardware, enabling them to wirelessly intercept sensitive data without encryption.
While RFID keycard authentication systems like HID have been compromised in the past, the upcoming presentation at Defcon poses unique challenges for security measures.
Security researcher Glasser emphasizes that keycard cloning is just one aspect of overall security, noting that social engineering tactics can often bypass electronic measures.
The Defcon presentation does not target HID specifically but serves as a reminder to diversify security measures and not rely solely on one technology.
With HID’s keys potentially compromised, the company and its clients face the daunting task of re-securing their systems by “changing the locks” and regaining control.